In fact, Chromium was dropped from Wheezy recently since the version it was based on lost upstream support and security updates. The advice then was to run Jessie instead. Presumably that advice is now "don't run Chromium derivatives on Debian", unless testing has a supported kernel version.

Most likely the GP has a modem that handles VDSL and ADSL and someone connected the wrong line in the cabinet. If the modem switched protocols to VDSL, you'd get 40 Mb/s on an "ADSL" line - just not using ADSL.

It's still possible in daemontools to run a shell script wrapper from /etc/service/foo/run around some real server in Java/Erlang/whatever. Stopping the service with "svc -d /etc/service/foo" will then entirely fail to kill the server process. I would imagine that systemd's cgroup support would avoid this happening.

There's a reasonable argument for moving to 64-bit on security grounds too. The increase in virtual address space makes ASLR far more effective since there are many more options for positioning compared to 32-bit code. On top of that, any attacks are more likely to hit an unallocated page as opposed to anything useful (with some limitations of course).

Oracle is posting patches for all its products next Tuesday which include +36 exploits for Java alone and over 140 for all Oracle products currently supported included over 80 that require no authentication to execute. These patches look to be critical for any administrator. Java 6 users who use equipment or programs that rely on older versions are SOL unless you sign up for a very expensive support contract as these patches are for Java 7 only.

Nerval's Lobster (2598977) writes "Retail giant Target continues to drastically downplay the impact of the massive data breach it suffered during December, even while admitting the number of customers affected is nearly twice as large as it had previously estimated. Target admitted today the massive data breach it suffered during the Christmas shopping season was more than twice as large and far more serious than previously disclosed. A Jan. 10 press release admits the number of customers affected by the second-largest corporate data breach in history had increased from 40 million to 70 million, and that the data stolen included emails, phone numbers, street addresses and other information absent from the stolen transactional data that netted thieves 40 million debit- and credit-card numbers and PINs. “As part of Target’s ongoing forensic investigation, it has been determined that certain guest information — separate from the payment card data previously disclosed — was taken during the data breach” according to Target’s statement. “This theft is not a new breach, but was uncovered as part of the ongoing investigation.” The new revelation does represent a new breach, however, or at least the breach of an unrelated system during the period covered during the same attack, according to the few details Target has released. Most analysts and news outlets have blamed the breach on either the security of Target’s Windows-based Point-of-Sale systems or the company’s failure to fulfill its security obligations under the Payment Card Industry Data Security Standard (PCI DSS)."

Hugh Pickens DOT Com (2995471) writes "Conor Friedersdorf has written a tongue-in-cheek article in The Atlantic advising New Jersey Governor Chris Christie how he can use the NSA playbook to successfully defend himself against the charges that a senior member of his staff was involved in shutting down George Washington Bridge traffic, a stunt meant to punish the mayor of an affected town for opposing his reelection. Christie's NSA-inspired explanation would include the following points: There are almost 9 million people in New Jersey, and only one was targeted for retribution, an impressively tiny error rate lower than .001 percent; The bridge closure was vital to national security because [redacted]; Since the George Washington Bridge is a potential terrorist target, everything that may or may not have happened near it is a state secret; Going after a political rival is wrong but it's important to put this event in context; Fort Lee Mayor Mark Sokolich was the only target of non-compliant behavior. No other Fort Lee resident was ever targeted for retribution, and any delays that any Fort Lee resident experienced were totally inadvertent and incidental; Finally a panel will be formed to figure out how to restore the public's faith in Chris Christie. "To some readers, these talking points may seem absurd or deliberately misleading," concludes Friedersdorf, "but there isn't any denying that so far they're working okay for the NSA.""

An anonymous reader writes "The smartphone and tablet rivals will work with a mediator in an effort to settle their patent disputes in advance of a second trial on the issues scheduled for this spring, according to Bloomberg News. The agreement, filed in federal court in San Jose today, was in response to U.S. District Judge Lucy Koh’s request in November that both sides submit a settlement discussion proposal before trial. Senior legal executives at the companies met Jan. 6 to discuss “settlement opportunities,” according to the proposal. The companies agreed to retain a mediator “who has experience mediating high profile disputes,” according to the filing, which doesn’t name the person. The chief executive officers and three to four company lawyers, but no outside lawyers, will attend the mediation before Feb. 19, according to the filing."

Submitted by Science_afficionado on Thursday January 09, 2014 @06:33PM

Science_afficionado (932920) writes "Astronomers have discovered a surprising new class of “hypervelocity stars” that are moving at more than a million miles per hour, fast enough to escape the gravitational grasp of the Milky Way galaxy. The 20 hyper stars are about the same size as the sun and, other than their extreme speed, have the same composition as the stars in the galactic disk. The big surprise is that they don't seem to come from the galaxy's center. The generally accepted mechanism for producing hypervelocity stars relies on the extreme gravitational field of the supermassive black hole that resides in the galaxy's core. So the discovery means that astrophysicists must come up with an entirely new method for speeding stars to hypervelocities."

Normally, encrypted data must be decrypted entirely before any math or programming operations can be run. Homomorphic encryption (HE), however, lets you perform math directly on the encrypted data and have the results show in the underlying data.

From a security viewpoint, there is no need to decrypt any data and expose it to attack. Supposedly, programs (or entire VMs) could run while encrypted and exchange encrypted data between themselves while running.

Bruce Schneier in 2009 pointed out this is not a new technique: "Visions of a fully homomorphic cryptosystem have been dancing in cryptographers' heads for thirty years."

Schneier pointed out this technique could take longer to run, but IBM claims that Victor Shoup and Shai Halevi of the T. J. Watson Research Center have taken Gentry's original breakthroughs and implemented them practically, with a released open source, GPL-licensed C++ library to perform HE, mostly meant for researchers working on HE.

"Hopefully in time we will be able to provide higher-level routines," writes Halevi.

Bob Gourley of CTOvision.com writes, "I have seen nothing in any of the research that makes me think a solution can be put in place that cannot be defeated by bad guys. And if that can’t be done then the solution will not solve any problems, it will just add processing overhead."